On Wednesday 06 June 2007 20:05, Shachar Shemesh <[EMAIL PROTECTED]> wrote: > > What benefits does this offer over authbind which has been in Debian for > > ages? > > It uses a (I think) much more secure mode of operation. In particular: > - No SUID executables > - User who launches the daemon must be root
Having a daemon instead of a SUID executable does not inherently make it more secure (there has been no shortage of exploits for bugs in daemons in the past). > - Privileges go down, never up The usual system is that a process with UID != 0 can not bind to ports below 1024. Breaking this involves increasing the privileges of some programs. > And, as a result: > - No global configuration necessary (though one will probably be added > later if necessary). How can there be no global configuration needed? The sysadmin needs to decide which users are granted the privilege to bind to low ports and which ports those users may bind to. -- [EMAIL PROTECTED] http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]